On Thu, 10 May 2007 p3rlhax@gmail.com wrote:

> IV. DETECTION
>
> Latest version of SquirrelMail 1.4.8-4.fc6 and prior are found vulnerable.
>
> V. WORKAROUND
>
> I. Application should check for Referer Header in every post-login request.

Referer headers can be forged via Flash, so it is not a good idea to rely on these for security.

> II. Application should use CSRF token which is random enough to identify every legitimate post-login request.

According to:

http://squirrelmail.org/security/issue/2006-12-02

version 1.4.8-4 is vulnerable to an XSS vulnerability, so an attacker could use the XSS vector to grab the session token ("CSRF token") and continue the CSRF attack.

--
- Josh
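The two workarounds in the quoted advisory and Josh's caveat, as an added example that is not code from the thread or from SquirrelMail: a post-login POST is accepted only on a session-bound CSRF token compared in constant time, while the Referer check is kept as a secondary signal because a client can omit or spoof it. The server secret, the application origin and the session ids are assumed, constructed values.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed server-side secret; a real deployment loads it from configuration.
SERVER_SECRET = secrets.token_bytes(32)
# Assumed origin of the webmail application (constructed for this example).
APP_ORIGIN = "https://webmail.example"


def csrf_token(session_id: str) -> str:
    """Derive the CSRF token for a session as HMAC-SHA256(secret, session id).

    Binding the token to the session means a token captured from one login
    session cannot be replayed against another one, and the server need not
    store anything extra. Without the secret the value is unpredictable."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def referer_matches(headers: dict) -> bool:
    """Weak check: is the Referer on our own origin?

    Only a secondary signal: a missing or spoofed Referer (the thread mentions
    Flash as a way to forge it) must never be the sole gate for a request."""
    ref = headers.get("Referer")
    if not ref:
        return False
    parts = urlsplit(ref)
    return f"{parts.scheme}://{parts.netloc}" == APP_ORIGIN


def check_post(session_id: str, form: dict, headers: dict) -> tuple:
    """Decide whether a post-login POST is legitimate; returns (accepted, reason).

    The token is mandatory. As Josh notes, this only holds while the pages
    themselves are free of XSS: injected script can read the token."""
    submitted = form.get("csrf_token", "")
    if not isinstance(submitted, str):
        return (False, "malformed CSRF token")
    expected = csrf_token(session_id)
    # Constant-time comparison on bytes avoids timing leaks and non-ASCII errors.
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return (False, "missing or invalid CSRF token")
    if not referer_matches(headers):
        # Token is valid, so accept; flag the odd Referer for later review.
        return (True, "accepted, Referer absent or foreign")
    return (True, "accepted")
```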